Decisive.
Even if they don’t know exactly what they will do. They had a
“Commission” but apparently did no planning?
Louisiana's
governor declares an emergency after cyberattacks on several school
systems
Several
school systems in Louisiana have been attacked by malware, Gov. John
Bel Edwards said, and authorities are trying to determine if any
other agencies are affected.
The
governor issued a statewide emergency declaration Wednesday after the
security breach was discovered in several school systems throughout
the state, his office said. The declaration -- the state's first
cybersecurity emergency activation -- allows multiple resources to be
devoted to the probe.
… The
declaration enables local governments to utilize cybersecurity
experts from the Louisiana National Guard, Louisiana State Police,
the Office of Technology Services and others to resolve and prevent
cyberattacks, according to the news release.
… Louisiana
State Police, the Louisiana National Guard, the Governor's Office of
Homeland Security and Emergency Preparedness (GOHSEP), the state
Office of Technology Services, Louisiana State University and other
agencies are determining
how to move forward, the release said.
Wow!
Interesting tool. Look what it can do.
Advanced
mobile surveillanceware, made in Russia, found in the wild
Monokle
infected Android devices, but evidence suggests iOS versions may also
exist.
Researchers
have discovered some of the most advanced and full-featured mobile
surveillanceware ever seen. Dubbed Monokle and used in the wild since
at least March 2016
… Monokle
uses several novel tools, including the ability to modify the Android
trusted-certificate store and a command-and-control network that can
communicate over Internet TCP ports, email, text messages, or phone
calls. The result: Monokle provides a host of surveillance
capabilities that work even when an Internet connection is
unavailable. According to a report published by Lookout, the mobile
security provider that found Monokle, it is able to:
- Retrieve calendar information including name of event, when and where it is taking place, and description
- Perform man-in-the-middle attacks against HTTPS traffic and other types of TLS-protected communications
- Send text messages to an attacker-specified number
- Reset a user’s pincode
- Record environmental audio (and specify high, medium, or low quality)
- Make outgoing calls
- Record calls
- Interact with popular office applications to retrieve document text
This
is even worse in complex systems, like AI.
According to a survey:
"68% of the security professionals surveyed believe it's a
programmer's job to write secure code, but they also think less than
half of developers can spot security holes." And that's a
problem.
Nearly
half of security pros surveyed, 49%, said they struggle to get
developers to make remediation of vulnerabilities a priority. Worse
still, 68% of security professionals feel fewer than half of
developers can spot security vulnerabilities later in the life cycle.
Roughly half of security professionals said they most often found
bugs after code is merged in a test environment.
At
the same time, nearly 70% of developers said that while they
are expected to write secure code,
they get little guidance or help. One disgruntled programmer said,
"It's a mess, no standardization, most of my work has never had
a security scan."
Another
problem is it seems many companies don't take security seriously
enough. Nearly 44% of those surveyed reported that they're not
judged on their security vulnerabilities.
How
the Commission thinks GDPR is working.
European Commission Issues Report on the Implementation of the GDPR
On July 24, 2019, the European Commission (“the Commission”)
published a report appraising Europe’s progress in implementing the
General Data Protection Regulation (“GDPR”) as a central component of
its revamped data protection framework.
Gosh,
I don’t think he’s a Facebook fan. Or maybe he’s only mad for
political reasons?
Senator Edward J. Markey (D-Mass.) released the
following statement after the Federal Trade Commission (FTC)
announced its settlement with Facebook over consumer privacy
violations.
“With its settlement
with Facebook, the FTC not only fell short, it fell on its face.
Facebook is getting away with some of the most egregious corporate
bad behavior in the age of the internet,” said Senator Markey, a
member of the Senate Commerce, Science and Transportation Committee.
“This settlement is a partisan abdication of the FTC’s duty.
… “The new rules
placed on Facebook in this consent decree fail to systematically
change Facebook’s internal infrastructure and put a stop to its
privacy malpractice once and for all.
(Related)
Is this settlement better?
Similar to the AI algorithm problem, but at least Mark Zuckerberg
should be able to explain this one.
Facebook
algorithm changes suppressed journalism and meddled with democracy
The Conversation:
“Facebook’s News Feed algorithm determines what users see on its
platform – from funny memes to comments from friends. The company
regularly updates this algorithm, which can dramatically change what
information people consume. As the 2020 election approaches, there is
much public concern that what was dubbed “Russian meddling” in the 2016
presidential election could happen again. But what’s not getting enough
attention is the role Facebook’s algorithm changes play, intentionally
or not, in that kind of meddling. A key counterpoint to the Russian
misinformation campaign was factual journalism from reputable sources –
which reached many of their readers on Facebook and other social media
platforms. As a social media researcher and educator, I see evidence
that changes to Facebook’s News Feed algorithm suppressed users’ access
to credible journalism in the run-up to Trump’s election…”
Odds
are in your favor. Sorry.
Equifax
Settlement Payouts Range from $125 to $20K. Here's How to Find Out if
You're Eligible in Just 10 Seconds
If
you spent time or money as a result of the Equifax breach, even if
you only signed up for free credit monitoring, you can quickly check
to see if you're eligible for part of the settlement.
… Visit the settlement eligibility checker and enter your last name
and the last six digits of your social security number to find out if
your information was included in the breach. If so, you can then
follow the prompts to file a claim.
According
to the site, "You can receive free, three-bureau credit
monitoring at all three national credit reporting agencies (Equifax,
Experian, and TransUnion). Experian will provide this service for at
least four years. You can also enroll in free, single-bureau credit
monitoring of your Equifax credit file, provided by Equifax, for up
to six years after the Experian service ends."
Or,
if you're skeptical about having Equifax monitor your credit at this
point, you can choose a cash payout and sign up for a different
credit monitoring service on your own.
[My results: Based on the information you provided, our records
indicate your personal information was impacted by this incident.]
They
may have a point, but the focus is missing.
The
end of tech's laissez-faire era
This week's series of big government moves against
big tech platforms dropped a curtain on the era of hands-off
regulatory policy that shaped the firms.
Why it matters: A generation of firms led by
Google and Facebook that grew rich and powerful while the Feds stayed
out of their way must now adjust to government action as a way of
life. Meanwhile, legislators and regulators will have to figure out
[Little success so far.
Bob] how to protect the public while preserving the
industry's vitality and creativity.
- In other circles, insiders are beginning to talk about the prospect of a broad new Telecommunications Act-like law that would wrap privacy and data ownership rules, antitrust safeguards, and content regulations into one big package.
- Since the current Congress hasn't even been able to get a bill focused only on privacy moving, either of these scenarios would have to play out on a long horizon.
Interesting
speakers. Should be worth following. (Photos, not so much.)
50
Photos From Net@50: The Roots and Future of the Internet
… We’ll publish another post soon with more takeaways from the event,
but for now, please enjoy the photo slideshow. You can also watch
videos of the entire event by clicking here.
(We also ran a special series of stories, by Wade Roush and Brian
Dowling, which predict the internet’s next 50 years, trace the roots of
internet security issues, and provide in-depth Q&As with Radia Perlman,
Bob Metcalfe, and Don Norman.)
A tool for my
geeks.
This
AI-powered autocompletion software is Gmail’s Smart Compose for
coders
Over
the past year, AI has seriously improved its ability to generate the
written word. By scanning huge datasets of text, machine learning
software can produce convincing samples of everything from short
stories to song lyrics. Now, those same techniques are being applied
to the world of coding with a new program called Deep
TabNine.
Deep
TabNine is what’s known as a coding autocompleter. Programmers can
install it as an add-on in their editor of choice, and when they
start writing, it’ll suggest how to continue each line, offering
small chunks at a time. Think of it as Gmail’s Smart Compose
feature but for code.